SUPERDRUG shoppers have been urged to change their passwords after a hacker claimed to have obtained the personal information of 20,000 customers.

A blackmail message has been received by the beauty retailer telling it to pay up or the details of 20,000 accounts will be revealed.

The high street chain said the hacker's allegations have not been confirmed, but warned that it has seen proof that the accounts of 386 people have been accessed.

Customers' names, addresses, dates of birth, phone numbers and points balances "may have been accessed", but card payment information "has not been compromised".

As a result, all online Superdrug shoppers and loyalty card users are being advised to change their password immediately - and to do so on a "frequent basis".

Superdrug has also directly notified customers it believes may have had their accounts accessed.

A spokesperson for Superdrug said: "On Monday evening we were contacted by an individual who claimed they had obtained a number of our customers' online shopping information and were seeking a ransom from us.

"We believe they obtained customers' email addresses and passwords from other websites and then used those credentials to access accounts on our website.

"We have worked with our independent IT security advisors who have confirmed that there have been no signs of a hack of our systems (for example, there has been no mass data download or extraction from our systems).

"They also confirmed that the 386 accounts that were shared by the individual as proof of the attack were accounts that had been obtained in previous hacks unrelated to Superdrug."

Both the police and Action Fraud - the UK’s national fraud and cyber-crime arm - have been notified of the data breach.

But shoppers may struggle to log into their Superdrug account and change their password due to the large number of people using the website.

The retailer said it is aware that some customers it contacted had difficulty logging in and added that it "apologises for any inconvenience caused".

Worried customers can contact Superdrug by emailing help@superdrug.com.

The data breach is the latest in a string of high-profile cases that have seen customers' data compromised.

Earlier this month, a hack of online game Fortnite led to children's personal data being shared on the dark web.

Meanwhile, WhatsApp users have recently been warned of a newly discovered attack that lets hackers infiltrate their private messages and group chats.

Sam Curry, chief security officer of cybersecurity analytics platform Cybereason, commented: "The biggest issue with the possible breach of private information from Superdrug customers is that this is another blow to our collective privacy.

"There is a laundry list of names of the biggest corporations in the world that have been dealt a collective knock down over the years whether it be Equifax, Anthem, Target, Heartland or eBay, to name a few.

"Today, every consumer should be working under the assumption that their personal information has been compromised many times over, and the latest Superdrug hack is a reminder that they should watch their identities and credit for abuses."